ConfigServer Services Blog

New csf v8.23

Changes:

  • On cPanel servers ensure the lfd service is always correctly appended to chkservd.conf on csf installation

New csf v8.22

Changes:

  • Fix csf –tempdeny from allowing blocking of local IPs
  • Fix problem where LF_NETBLOCK was no longer affective after blocking a its first netblock until it timed out from csf.tempip
  • Modify UI table spacing

New cxs v6.05

Changes:

  • Added version detection for Drupal v8
  • Added PureFTPd integration Enable/Disable/Restart options to cxs UI
  • Added ModSecurity integration Install/Remove options to cxs UI
  • Mute perl lc UTF-16 warnings where necessary
  • New –options [U]. This option will match PHP scripts that allow uploading files to the server via the HTTP POST method. This option requires that –options [m] is also specified
  • Added –options [U] to the Restricted Mode UI options
  • UI updates and improvements
  • Exploit fingerprint definitions database additions

New csf v8.20

Changes:

  • Modify Relay Alert email to specify “localhost” rather than “Local Account” when localhost IPv6 address detected as it currently does for IPv4 localhost
  • Improvement to lfd restart routine for MailScanner and pure-ftpd when cPanel upgrades on RHEL/CentOS/CloudLinux v7+ servers

New csf v8.19

Changes:

  • Move SMTP_BLOCK rules to a separate chain to avoid conflicts with other control panels deleting required rules

New csf v8.18

Changes:

  • Reversed csf.tempip changes to avoid a possible locking issue in csf.pl, lfd.pl changes retained

New csf v8.17

Changes:

  • Fixed 12 month statistics pie chart rendering
  • Increased default value and sanity range for PT_USERMEM
  • Modified SMTP_BLOCK to use iptables multiport
  • Added new feature: SMTP_REDIRECT. This redirects non-authorised outbound SMTP connections to the local SMTP server
  • Ensure LF_PERMBLOCK IP’s are removed from csf.tempip when rotating csf.deny after reaching DENY_IP_LIMIT
  • Remove stale csf.tempip entries on lfd startup
  • Added IPv6 support to RT_LOCALHOSTRELAY tracking
  • Update binary locations for new installations on DirectAdmin Debian
  • Improved fix for detection of ip6tables nat chains
  • Added UI Firewall Configuration On/Off buttons
  • Added UI Firewall Configuration dropdowns for some value ranges
  • Updated UI restricted list
  • Updated sanity checks
  • Various UI updates and modifications
  • Added a warning when using mod_cloudflare to Server Check Report

csf no longer processing LF_SCRIPT_ALERT

Due to the changes by exim caused by CVE-2016-1531, exim no longer reports the script location that it was initiated from. This now means that LF_SCRIPT_* will no longer function.

EDIT: We have just be informed by cPanel that they have developed a workaround that will be released imminently for EXIM that should restore the functionality. Yay!